New arrest in Internet attacks case

Juvenile released Blaster-like program, authorities say

Below:

Next story in Security

Federal authorities have made another arrest in the MSBlaster computer worm case, the U.S. Attorney’s Office in Seattle announced Friday. A juvenile was arrested in connection with release Trojan horse program called “RPCSDBot.” The program, also called a spybot, sneaks onto computers using the same security flaw as the original MSBlaster worm, giving a computer attacker complete remote control of the victim’s machine.

“Computer hackers need to understand that they will be pursued and held accountable for malicious activity, whether they be adults or juveniles,” said U.S. Attorney John McKay in a statement on the agency’s Web site. The suspect has been charged with juvenile delinquency, based on intentionally causing damage to computers.

The juvenile’s name and home town were not released.

The U.S. Attorney’s Office indicated on its Web site that it had arrested a suspect for releasing a variant of Blaster. But some experts said that wasn’t entirely accurate.

RPCSDBot is a malicious program that allows an attacker to silently target individual computers, said Russ Cooper, a spokesman for TruSecure Corp. But it is not a worm — it doesn’t spread on its own. And while it attacks the same Windows security hole as the Blaster worm, it’s an entirely separate program, he said.

“This has nothing to do with Blaster,” he said.

Craig Schmuger, spokesman for Network Associates Inc., agreed that the program was not a Blaster variant, adding that while RPCSDBOT is a nasty program, it infected relatively few computers around the Internet.

This is the second Blaster-related arrest announced by the Seattle U.S. Attorney’s office, which is investigating the Blaster case because the worm attacked Microsoft Corp. computers. The first suspect, 18-year-old Jeffrey Parson, was arraigned in a Seattle court earlier this month and pleaded not guilty.

Another MSBlaster variant suspect has also been tracked down by authorities. Earlier this month, Romanian police arrested 24-year-old university student Dan Dumitru Ciobanu and charged him with writing MSBlaster.F. That variant only infected a handful of computers.

It wasn’t immediately clear what the juvenile’s alleged role was in release of the program; nor was it clear if the suspect played any role in releasing the original Blaster worm, which infected over 1 million computers worldwide. But the U.S. Attorney’s Office indicated its investigation was ongoing.

“Law enforcement is continuing its investigation into any additional persons who were involved in that activity. We encourage anyone with information concerning this matter to contact the FBI and/or the (United States Secret Service),” the agency said.